------------------------------
Message: 4
Date: Wed, 19 Nov 2008 10:49:06 -0600
From: Alan DeKok <[EMAIL PROTECTED]>
Subject: Re: ssh cleartext-password "? INCORRECT"
To: FreeRadius users mailing list
<[email protected]>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1
David Ly wrote:
Here is the relavent part of the log from radiusd -X
Using 'radtest steve testing localhost 10 testing123'
You've done some *very* weird editing or reformatting of the log.
That makes it more difficult to understand.
Using 'ssh [EMAIL PROTECTED]' password: testing
rad_recv: Access-Request packet from host 127.0.0.1 port 26561, id=106,
length=83 User-Name =
"steve"
User-Password = "\010\n\r\177INCORRECT" ****
Ah, yes. That's a PAM feature, I think. Or maybe SSH. It replaces
the password the user entered with that string. Why? Damned if I know.
I'd suggest asking the PAM people how to configure the system so that
it doesn't mangle the password.
In any case, this is what the RADIUS server receives, so there is
*nothing* you can do to the RADIUS server to solve the problem.
And the PAM RADIUS module doesn't do this stupid rewriting. So
there's nothing you can do to that module, either.
Alan DeKok.
I manged to find the problem, as you said, it WASNT the server but
rather the PAM module that was causing this. It required a local user
account (set with a blank password). As to why it needs that, I have no
idea, but thats that. Thanks for the help, and I hope that others who
come across this can avoid the grueling two days of troubleshooting and
tinkering. Once agian thanks to all. Cheers
David Ly
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
